VMGuru.com

Dropbox Cloudy on Privacy

Wednesday, April 20 2011 12:04 Written by Scott Polly

Like most people that work in the technology field, I’m occasionally asked to define or describe technical concepts to the uninitiated.  Lately, due to Microsoft’s bazillion dollar marketing budget, I’m asked about “the cloud”.

One of my favorite examples that I use as an explanation is Dropbox - it’s simple, free, and people seem to understand it fairly easily.  Up until recently, I’ve been a big Dropbox fan, even managing to convert a few of the unwashed masses as well.

What’s changed recently? The fine folks at Dropbox seem to have forgotten about the Fourth Amendment - the one that protects us from unreasonable search and seizure - and seem willing to give out customer data just to avoid a hassle.

While consumption of any internet service raises the risk of data exposure (I’m looking at you, Facebook),  Dropbox is a different animal for one simple reason - they set a reasonable expectation of privacy.  See the excerpts below, from their page How Secure is Dropbox :

and

Based on some quick googling, in order to set a “reasonable expectation of privacy”, two things have to happen.  First, you have to have a reasonable expectation that the information in question is private.  An encrypted backup of local files meets this test, I believe.  Second, society at large must also recognize the information as private.  Again, I believe that encrypted online backups of personal data would meet this test.

What’s the problem then? Recent changes to their Terms of Service are in direct contradiction to their claims of security.  First, their tithe to the RIAA shills:

How can they delete files that they claim they don’t have access too?  What standards are applied to determine if copyright violations are occuring? There is no clear information about this, but anyone thinking it would take more than a blanket Cease and Desist letter to flush your data down the crapper hasn't been paying attention.

Second, and most important, they will give your data to third parties without a legal requirement to do so.  Their standard is only that they have a “good faith belief that disclosure is reasonably necessary”.  Not legally mandated, mind you, but “reasonably necessary”, and even if their goal is only to protect Dropbox’s property rights.  See the full text below, from their Privacy Page:

Note the statement that “we will remove Dropbox’s encryption from the files”.  This is in direct conflict of their statement that employees aren’t able to access user files.  Simply put, Dropbox is playing dirty pool - claiming one thing (total security) on their main page, and burying the facts in disclaimers you have to dig for.  Nothing new, to be sure, but shady nonetheless.

What does all this really mean? Clearly, serious IT folks don’t consider a free internet service as “the cloud”, but what about your wife, or your mother?  We have millions of non-technical people rushing to “the cloud” to see what the fuss is about, and unknowingly giving up their constitutional rights in the process. I'm not usually a tin-foil hat type of guy, but I think we should all be very concerned about what we put out in the ether.  Equally important, we should make sure that the companies to whom we give our business are as concerned about our privacy as we are.

TrackBack URI for this entry

Comments (1)

Write comment

Show/hide comment form

You must be logged in to post a comment. Please register if you do not have an account yet.

< Prev